I am aware of the webid.info site but did not know that it uses
client-side storage and Web Sockets.
The question I have is, as it at least pertains to enterprise apps, what
are the security risks of trusting browser-processed data? Can a WebID
help sufficiently in alleviating those concerns so that enterprise apps
even consider leveraging HTML5's client-side processing and storage
features?
I realize that it is possible to offer some semblance of security, but
what are the issues that we need to consider, to address in this scenario?
Jeff
> Hi Jeff
>
> Just wondering if you have looked at the demo at
>
> http://webid.info/
>
> Uses .js crypto, client side storage and sockets ...
>
> Best
> Melvin
>
> On 7 March 2011 22:37, Jeff Sayre <jeff@sayremedia.com> wrote:
>> As I was working on the WebID use cases document this afternoon, it
>> occurred to me that we will soon see HTML5-powered applications offering
>> client-side data storage and processing using HTML5’s Web Storage and
>> Web
>> SQL Database APIs. We need to consider the implications.
>>
>> What will it mean for WebID as Web applications can be built that
>> persist
>> data entirely on the client, or at least store data on the client for
>> processing and even offline consumption?
>>
>> HTML5 will in essence make it possible to preserve state and allow for
>> application processing to occur on client-side devices. Instead of a fat
>> application server entirely responsible for CRUD operations, it will be
>> possible to create web apps that turn browsers into fat-clients.
>>
>> Is there a way for WebID to allow for enterprise applications to trust
>> the
>> browser to process application logic securely?
>>
>> I searched W3C resources to see what I could find regarding the new
>> HTML5
>> client-side storage specifications. I found this defunct W3C XG (
>> http://www.w3.org/TR/webdatabase/ ) that has splintered into two active
>> groups: http://www.w3.org/TR/webstorage/ and
>> http://www.w3.org/TR/IndexedDB/ However, this are not directly tied to
>> the
>> HTML5 specification.
>>
>> On a side note, I want to draw attention to an important potential point
>> of confusion. The above two specifications (working drafts) both refer
>> extensively to the Web interface definition language called WebIDL (
>> http://www.w3.org/TR/2008/WD-WebIDL-20081219/ ). This is disconcertingly
>> close to the name of our effort--WebID.
>>
>> We need to be cognizant of the fact that some people may confuse these
>> terms. When appropriate, we need to make our best effort to clearly
>> distinguish our work from this nearly-identical nomenclature that refers
>> to something vastly different.
>>
>> Jeff
>>
>>
>>
>